From: Dmitry Vyukov <dvyukov@google.com>
To: Wengang Wang <wen.gang.wang@oracle.com>
Cc: Linux-MM <linux-mm@kvack.org>,
Andrey Ryabinin <aryabinin@virtuozzo.com>,
Alexander Potapenko <glider@google.com>,
kasan-dev <kasan-dev@googlegroups.com>
Subject: Re: [PATCH 0/5] mm/kasan: advanced check
Date: Fri, 17 Nov 2017 23:56:21 +0100
Message-ID: <CACT4Y+ZkC8R1vL+=j4Ordr2-4BWAc8Um+hdxPPWS6_DFi58ZJA@mail.gmail.com>
In-Reply-To: <20171117223043.7277-1-wen.gang.wang@oracle.com>
On Fri, Nov 17, 2017 at 11:30 PM, Wengang Wang <wen.gang.wang@oracle.com> wrote:
> Kasan advanced check, I'm going to add this feature.
> Currently Kasan provides the detection of use-after-free and out-of-bounds
> problems. It is not able to find the overwrite-on-allocated-memory issue.
> We sometimes hit this kind of issue: We have a messed up structure
> (usually dynamically allocated), some of the fields in the structure were
> overwritten with unreasonable values. And kernel may panic due to those
> overwritten values. We know those fields were overwritten somehow, but we
> have no easy way to find out which path did the overwrite. The advanced
> check wants to help in this scenario.
>
> The idea is to define the memory owner. When write accesses come from
> non-owner, error should be reported. Normally the write accesses on a given
> structure happen in only several or a dozen of functions if the structure
> is not that complicated. We call those functions "allowed functions".
> The work of defining the owner and binding memory to owner is expected to
> be done by the memory consumer. In the above case, the memory consumer registers
> the owner as the functions which have write accesses to the structure then
> binds all the structures to the owner. Then kasan will do the "owner check"
> after the basic checks.
>
> As implementation, kasan provides an API to its users to register their
> allowed functions. The API returns a token to users. At run time, users
> bind the memory ranges they are interested in to the check they registered.
> Kasan then checks the bound memory ranges with the allowed functions.
>
>
> Signed-off-by: Wengang Wang <wen.gang.wang@oracle.com>
>
> 0001-mm-kasan-make-space-in-shadow-bytes-for-advanced-che.patch
> 0002-mm-kasan-pass-access-mode-to-poison-check-functions.patch
> 0003-mm-kasan-do-advanced-check.patch
> 0004-mm-kasan-register-check-and-bind-it-to-memory.patch
> 0005-mm-kasan-add-advanced-check-test-case.patch
>
> include/linux/kasan.h | 16 ++
> lib/test_kasan.c | 73 ++++++++++++
> mm/kasan/kasan.c | 292 +++++++++++++++++++++++++++++++++++++++++++-------
> mm/kasan/kasan.h | 42 +++++++
> mm/kasan/report.c | 44 ++++++-
> 5 files changed, 424 insertions(+), 43 deletions(-)
+kasan-dev mailing list
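
The owner check described in the quoted cover letter, modelled in user space as an added example (not code from the patch series or from either author). Writers are identified by a hypothetical integer id rather than by calling function, and `adv_register`, `adv_bind`, `checked_write` and the one-token-per-byte shadow layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* User-space model. All names, sizes and writer ids are assumptions. */
enum { ARENA_SIZE = 128, MAX_CHECKS = 7, MAX_ALLOWED = 4 };
enum { WRITE_OK = 0, ERR_BOUNDS = -1, ERR_OWNER = -2 };
struct adv_check { int allowed[MAX_ALLOWED]; size_t n; };

static unsigned char arena[ARENA_SIZE];   /* memory being protected */
static unsigned char shadow[ARENA_SIZE];  /* owner token per byte, 0 = unbound */
static struct adv_check checks[MAX_CHECKS + 1];
static int nr_checks;

/* Register the allowed writer ids; returns a token, or 0 on failure. */
int adv_register(const int *allowed, size_t n)
{
    if (n == 0 || n > MAX_ALLOWED || nr_checks == MAX_CHECKS)
        return 0;
    memcpy(checks[++nr_checks].allowed, allowed, n * sizeof(*allowed));
    checks[nr_checks].n = n;
    return nr_checks;
}

/* Bind arena[off, off + len) to a registered token. */
int adv_bind(int token, size_t off, size_t len)
{
    if (token < 1 || token > nr_checks || off > ARENA_SIZE || len > ARENA_SIZE - off)
        return -1;
    memset(shadow + off, token, len);
    return 0;
}

/* Instrumented write: basic bounds check first, then the owner check. */
int checked_write(int writer, size_t off, const void *src, size_t len)
{
    if (off > ARENA_SIZE || len > ARENA_SIZE - off)
        return ERR_BOUNDS;
    for (size_t i = off; i < off + len; i++) {
        const struct adv_check *c = &checks[shadow[i]];
        size_t k = 0;
        while (k < c->n && c->allowed[k] != writer)
            k++;
        if (shadow[i] && k == c->n)
            return ERR_OWNER;    /* non-owner write to bound memory: reject */
    }
    memcpy(arena + off, src, len);
    return WRITE_OK;
}
```

A write that only partly overlaps a bound range is rejected as a whole, so a stray writer cannot clobber the tail of a protected structure by starting just before or ending just after it.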